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The preset inv^tion relates to a miCTOcircuit card. 
To be more precise, the invention is directs to a microclrjruit card 
£Ldapt^ to: 

5 - pitK::ess a relafively voluminous stream of digital data ex!chang€Mi 

with a device external to the cardp and 

- implement security procBdure^, for example functions for verifying 
me integrity of the digital date exchanged with the external device or 
cryptographic functions for authenticating a user of the card. 
10 Thus the Invention may be used to decompress an encrypted digiteil 

data stream. 

In one prior art architecture of this kind of card, the digitaS data 
received from an input-output port of the microcircuit card is read by a 
microprocessor and processed as and when it is received. The micropjrotiHSSSor 

15 effects the security checks referred to above it receives digits! data* 

A major problem with the above architecture is that the digital data 
stream that can be exchanged by the card is limited by the frequency of the 
microprocessor (which is generally of the order of 4 MHz in the case of 
microcircuit cards known in the state of the art). 

20 In other fields of electronics, to alleviate the limits associatedl with the 

frequency of a microprocessor, the transfer of data at high bit rates is often 
effected by means of dedicated direct memory access (DMA) components 
These DMA components are programmed by a microprocessor to effect a 
predetermine transfer, for example between an input-output poijt and a 

2 5 memory, the microprocessor not handling the transfer as such. 

Unfortunately, these DMA components are dedicated to transferring 
data and are unable to effect proo&»sing of data during i^ ^ansfer. They are 
therefore not adapted i a priori, for transferring sensitive data necsssilating 
Mcurity operations, as is the case for ttie microcircuit cards cited abows. 

30 The invention alms, by overiMmlng this apparent inc^mpatibilltyp to 

enable transfer of a voluminous or fast secure data stream in a microdl-cult card 
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whilst maintaining a high security level thanks to an original assodation of a 
processor and direct memory access. 

To this ervd, it provides a mlcrocircuit card including: 

- input-output means for digital data; 

5 - processing means for processing this data; and 

- stream control means. 

The microcircuit card Is characterized in that the processing means include: 

" transfer means for transferring said digital data between the input- 
output means and a storage area; and 

10 -communication means for communicating with the stream control 

means security data obtained from the digital data, tha stream control means 
being adapted to control the transfer of the digital data by the transfer means 
taking into account said security data. 

Accordingly, the data received from the communication port is 

15 transferred by the transfer means to a storage area, the stream of this transfer 
being not limited by the speed of the stream control means. 

Moreover, during this transfer, security data obtained from the digital 
data is communicated by the processing means to ttie stream control means, 
the security data stream received by the stream control means being limited 

2 0 and in any event much less voluminous than the digital data stream received by 
the card. 

The stream control meansp consisting, for example, of a processor, 
are then in a positron by using this security data to effect the operations 
necessary for controlling the transfer means to guarantee compliance with 
1 25 security constraints. 

! The invention therefore enables the digital data stream processed by 

the microdrcuit card to be more voluminous whilst maintaining ihe security level 

of a conventional card. 

I In a first variant embodiment of the microcircuit card of the invention^ 

I 30 the security data referred above (Xinsists at least in part of a portion of said 

I digital data transfen'ed by the rard- 

I 
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In a preferred embodiment of thte first variant^ the security data 
includes authentication data for authenticating a portion of the digital data 
received by the card, the stream control means being adapted to verify the 
vaiidity of said digital data on the basis of tiiis authentication date and to control 
5 the transfer as a function of the result of this verification. 

In known manner* if the stream wntrol means determine that the 
auUienticatfon data is not valid when the card receives digital data transmitt^ 
by an external device, this means that the digital data was not sent by an 
authorized sender. 

10 In this situation, the stream control means may take a predetermined 

measure, such as blocking use of the card or sending an error message. 

In a preferrMi embodiment, to guarantee secure u^e of the card, the 

stream control means command the transfer means to stop the transfer of 

digital data if the authentication data is not valid. 
15 Thus the card is able to receive ^ voluminous data stream, only a 

portion of that data being communicated to the stream o^ntrot means to 

guarantee the required security. 

In a second variant embodiment, the processing means are adapted 

to insert into the security data a result of processing calculated from the digital 
20 data. 

The processing result may, for example, be the result of a step of 
verifjdng the aforementioned authentication data by calculation means included 
in the processing means, for example cryptc^raphic means of the microcircuit 
card . This result is then taken account of by the stream control means to verify 
25 the integrity of the digital data and to control its transfer by the transfer means 
I accordingly. 

This authentication step may consist in verifying a signature, for 
example using a cryptographic key and a hashing function in accordance with 
an algorithm of MD4, MD5 or type. 
30 In this variant, the stream control means effect the steps of verifying 

I the authentication data, They may then implement a predetermined measure in 
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the event of fraudulent misuse of the card, such as stopping the transfer of the 
digital data or biocking the use of the card. 

!n a preferred embodiment, the stream control means control the 
transfer of digital data by modifying at least one operating parameter of ^e 
5 transfer means. 

For example, this operating parameter Is a storage addr^s of tihe 
digital data in the storage area. 

Acoondlingly, if the occupancy of a first range of the storage area is 
above a predetermined threshold, the stream contn;?! means can set the 
10 parameters of the trar^sfer means so that the digital date received by the 
transfw means is stor^ at that address. 

The parameter cit^ above may also be a parameter for selecting Une 
protocol for communication between the input-output means and the storage 
area. This communication protocol can be, for example, adapted to transferring 
15 secure data. 

In different variant embodiments of the microcircuit card of the 
invention, the processing means indude a data compression unit a datei 
decompH-esslon unit, a data encryption unit or a data decryption unit 

In another variant embodiment, th© stream control means are further 
20 adapted to obtain directly from the input-output means preliminary data that is 
taken account of by the stream control unit to authorize or refuse the transfer of 
the digital data by the transfer means. 

In one particular embodiment of this variant, ttiis preliminary data 
includes authentication date. 
25 Thfs embodiment provides an additional level of security, for example 

frirough checking an authentication code prior to the transfer of the digital data 
proper, Unlilce security data, this authentication code is typically verified once 
only at the start of a transfer session. It may require a longer calculation time» 
and therefore employ a complex authentication algorithm providing a higher 
30 level of security. 

In another preferred embodiment, this preliminary data includes a 
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Storage address of the digital data that will be transferred by the transfer means, 
in ttiis preferred embodiment, this preliminary data may further Include data for 
authenticating the storage address^ in order to guarantee that the stctfage 
address has not been supplied by an unauthorized user, 
5 in a particularly advantageous embodiment, the micaroclrcuit card 

further includes regulation means adapted to modify a clock frequency applied 
to the processing means as a function of said security data. 

This feature then allows to limit the electrical power consumption of 
the miorocircuit c^rd if the transfer of digital data by the transfer means must be 
10 interrupted. 

The invention will be better understood and other advantage© of the 
invention will become more clearly apparent in the light of the following 
description of a miorocircuit card of the inventionp which descriptiCMTi is given by 
way of example only and wrth reference to the appended drawing, in which; 
15 - figure 1 Is a block diagram of a prior art microcircuit card; 

-figure 2 is a block diagram analogous to figure 1 showing one 
possible embodiment of a microcircuit card of the invention: and 

-figure 3 shows an e>cample of security data conforming to the 

invention. 

20 The prior art microcircuit card 10 shown in figure 1 includes primarily 

a processor CPU associated conventionally with a number of memories (of 
RAM, ROM, or EEPROM type), processing means 12 and input-output means 
14 connected, for example, to a terminal. 

The processing means 12 indude a calculation unit 13 adapted to 

2 5 peri'onm the actual processing of the digital data, that is to say for example 
operations of compression, decompression, encryption or decryption of these 
dal^. 

in a preferred embodiment, the Input-output means 14 enable the 
microcircuit c^rd 10 to communicate with an externa! terminal or electronic 
30 entity essentially comprising a UART (universal asynchronous receiver- 
transmitter), 
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The input-output means 14 may also adapted to implement 
standard communication protocols known to the person skilled in the art, for 
example the protocols referred to as "T=0". "T^l" {ISO 7816), USB. FireWire or 
I2C, 

5 According to the prior art, when microcircuit rard 10 receives via the 

UART digital date that is to be processed by the calculation unit 13 of the 
processing means 12, the UART sends an Inten-upt message to the processor 
CPU, The processor CPU then reads a register of the UART and copies ttie 
data into the RAM. 

10 The processor CPU then initializes the processing means 12, reads 

the data to be process^ in the RAM and copies it into a register 16 of tie 
processing m^ns 12. 

In order to be communicated to the external terminal the result 
calculated by the processing means 12 is then read by the processor CPU in 

1 5 the register 1 6 and copied into the UART register by the processor CPU, 

This mode of operation is not favorable to the processing of high bit- 
rate digital data by the microclrcutt card 10. B^jcause the intennedlate operation 
effected by the processor CPU of copying digital date into the RAM area before 
it is processed by the processing means 12 is particularly penalizing, 

2 0 However, the requirement is to increase the processing power of this 

kind of microcircuit card to process voluminous and continuous data streams in 
real time. 

For example, it might be required to be able to carry out real time 
decryption of digital data representative of sound. Such data is compressed to 
25 the MP3 standard and transmitted at a bit rate of 128 kbit/s. The microcircuit 
card responsible for real time decryption therefore needs to be able to receive 
and process information at a high bit rate. 

A microctitjuit card conforming to the invention and solving the above 
problem is described next wilii reference to figure 2, 
30 In accordanoa with the present inventionp the processing means 12 

include means DMA for transferring digital data between the communication 
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port 14 and a storage area 1S. 

In the figure 2 example described here, the storage area 18 Is a 

random access memory RAM. 

In other embodimentSp the storage area 18 may be selected from 
5 various types of rewritable memory, for example Flash memory, EEPROM type 
memory or a hard disk. 

In another variant, the storage area 18 is a port of the calculation unit 
13 of the processing means 12. 

In the pi^ferred embodiment described here^ the transfer means 
10 DMA include a dedicated electronic direct memory access (DMA) component 
known to the person skilled in the art. 

In known manner, this component is programmed by writing 
parameters into configuration registers. 

By way of non-limiting example, such parameters include the 
15 address of a port of the input-output means 14, the address of a range of the 
storage area 18 in which the digital data must be stored, and parameters 
representative of a criterion for stopping the transfer. 

Be this as it may^ the mlcrocircult card of the invention further 
includes stream control means 26 adapted to a^ntrol the transfer of the digital 
2 0 data by the transfer means DMA, 

In particular, if the digitet data must be transferred to a storage area 
18 of EEPROM type, the stream (x>ntrol means 26 are adapted to control a 
voltage generator or any other means of applying a sufficient electricai voltage 
to the EEPROM for it to be accessible in write mode. 
25 In the embodiment described with reference to figure 2, the stream 

control means 26 consists of a processor CPU conventionatly associated with 
these different memories (RAM. ROM, EEPROM), as in the case of figure 1, 

The setting of parameters of the transfer means DMA by the stream 
control means 26 is represented diagrammatically in figure 2 by the signals 20. 
30 In accordance with the present invention, the processing means 12 

also include means 22 for communication between its calculation unit 13 and 
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the stream control means 26. 

The communication means 22 enable the exchange between the 
proci^sing means 12 and the stream control means 26 of security data 
obtained from digital data DATA transferred by the transfer means DMA. 
5 Chronologically, once the transfer means DMA have been 

programmed by the stream control mi^ns 26* by means of the signals 20, the 
transfer means DMA effect the transfer of the digital date between the input- 
output means 14 and the storage area 18. The calculation unit 13 of the 
processing means 12 then obtains security data DATA^CTRL from the digttal 
10 data DATA stored in the storage area 18 and communicates it to the stream 
control means 26 via the communication means 22, 

Figure 3 shows one example of ttie security data DATA_CTRL us^ 
In a preferred embodiment 

The security data DATA_CTRL includes a digital data portion PI and 
15 authentication data AUTH calculated from the digital data of the portion P1 , 

!n a first variantp the authentication data AUTH forms a signature of 
the portion P1. This is typically a data portion PI to which a prior art hashing 
function (e.g. an MD4, MD5 or SHA-1 function) and then an encryption 
algorithm have been applied- A symmetrical l^ey encryption algorithm may be 
2 0 used for this purpose* such as the data encryption standard <DES) algorithm, or 
an asymmetric key algorithm such as the Rivestp Shamir and Adelman (RSA) 
algorithm. 

In thi® variant, on receiving this security data DATA_CTRL, the 

I 

stream control means 26 first decrypt the signature AUTH using the decrypting 
25 key and obtain a first result HASH1. The stream control means 26 then apply 
the hashing function to the portion P1 and obtain a second result liASH2. 

the stream control means 26 than compare the first result HASH1 
! and the second result HASH2. 

j In a preferred embodiment of this first variant, if these results HASH1 

30 and HASiH2 are different, the stream control means 26 send a stop signal to 
cxjmmand stopping of the transfer of digital data. 

I 
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In the preferred embodiment, the processing means 12 insert into the 
security data DATA^CTRL a result of processing of the digital data DATA by the 
calculation unit 13. 

This processing result is, for example, the address at which a portion 
5 of the digital data DATA has been stored in the storage area 18 by ttie transfer 
means DMA, the stream control means 26 then being adapted to read the data 
of that portion^ verify its validity, and control the transfer of the digital data DATA 
by the transfer means DMA as a function of the result of this verification, 

In an embodiment in which the processing means 12 include 
10 cryptographic means 13, this processing result is the result obtained by Uie 
cryptographic unit 13 in a step of authenticating the digital data DATA. 

In a variant, the processing result is the result obtained by the 
cryptographic means 13 in a step of verifying a signature of the digital data 
DATA. 

15 For example^ this verification step may consist in decrypting the data 

AUTH using an RSA algorithm to obtain a result similar to the first result 
HASH1. 

In a preferred embodiment, the stream control means 26 are further 
adapted to obtain preliminary data directly from the input-output means 14 over 
2 0 the data path 24 represented in figure 2. 

In a variant, the preliminary data is obtained by the stream control 
means 26 from a second input-output port, for example using the protocol 
referred to as «T=0" (ISO 7816); the input-output means 14 being reserved for 
the transfer of the digital data DATA by the transfer means DMA, 
25 The data path 24 may also be a bidirectional data path used by the 

I stream control means 26 to communicate Information to a device external to the 

microctfcuit card. This information may, for examptei consist of an error 
message sent by the stream control means 26 if they detect the presence of 
I erroneous digital data on the basis of Itte security information. 

30 This information may also consist of a data stream leaving the 

i microcircult caixl that is the result of the processing by the processing means 12 

I 

I 
i 
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of ttie digital data DATA received by the card. 

This preliminary data includes, for example, authentication data 
PASSWD and, be thte as it may, is taken into account to controi the transfer of 
digital data by the transfer means DMA. 
S Accofxlingly. if the authentication data PASSWD does not conform to 

a predetermined control rule, for example, which rule may be stored in the 
ROM. the stream control means 26 do not program «ie transfer means DMA to 
transfer the digital data between the Input-ou^ut means 14 and the storage 
area 1 d. 

10 The preliminary data preferably includes a digital data storage 

address. 

In a variantp the microcircuit card includes regulation means PLL 
adapted to modify a docl< frequency applied to the processing means 12 as a 
function of the control data DATA_CTRL. 
15 These regulation means PLL may consist of a phase-locked loop 

(PLL) component known by the person skilled in the art and used to derive 
signals at various clock frequences from a signal from an external clock (not 
shown). 

In the preferred embodiments these regulation means PLL are 
2 0 controlled by the stream control means 26 in order to adjust the electrical power 
consumption of the processing means 12 as a function of the stream of digital 
data DATA. 

In the selected embodiment, the transfer means DMA may be 
unidirectional or bidirectional. The invention applies in particular to controlling 
\ 25 the transfer of encrypted digital data DATA from the storage area 18 to the 

input-output means 14, 

I 

I 
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CLAIMS 

1 . Microdrcuit c^rd including: 

- Input-output means (14) for digital data (DATA); 

- processing means (12) for processing this data; and 
5 - stream control means (26), 

the microdrcuit c^rd b^ng characterlzi^ in that the processing means (12) 
indude: 

"transfer means (DMA) for transferring said digital data (DATA) 
between the input-output means (14) and a storage area (18); and 
10 -communication means (20) for communicating with the sfream 

wntfol means (26) security data (DATA_CTRL) obtained from said digital data 
(DATA), 

the stream control means (26) being adapted to control the transfer of the digital 
data (DATA) by the transfer means (DMA) taking into account said security data 
15 {DATA_CTRL), 

2. Microdrcuit card acconJIng to claim 1, characterized in that said 
security dai^ (DATA^CTRL) consists at least in part of a portion of said digitel 
date (DATA), 

3. Microdrcuit card according to claim 2, characterized in that said 
20 security data (DATA_CTRL) includes authentication data (AUTH) for 

authenticating a portion (PI) of the digital data received by the card, the stream 
control means (26) being adapted to verify the validity of s^id digital daia 
(DATA) on the basis of this authentication data (AUTH) and to control said 
transfer as a function of the result of this verification, 

25 4. Microdrcuit card according to any one of claims 1 to 3, 

characterized in that said processing means (12) are adapted to insert into said 
security data (DATA_CTRL) a result of processing said digital data (DATA), 

5. Microcircuit card according to claim 4, characterised In that said 
processing result ts the result of a step of authenticating said digital data. 

30 6, Microcircuit card according to any one of claims 1 to 5, 

characterized in that the stream control means are adapted to modify at least 
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one operating parameter of said transfer means (DMA). 

7. Micrqcircuit card according to claim 6, characterized in that said 
parameter is chCKsen between an address of said storage area (18) and a 
parameter for selecting a protocol for communiraition between flie input-output 

5 means (14) and the stoneige area (18). 

8. Mio-oclrajft card according to any one of claims 1 to 7, 
characterized in that said processing means (12) include a d^e compression 
unit (13). a data decompression unit a data encryption unit or a data decryption 
unit. 

10 9. Mlcrodrcuit card according to any one of claims 1 to 8, 

characterized In that said stream control means (26) are adapted to stop the 
transfer of the digital data (DATA) by said transfer means (DMA) if they detect 
the presence of invalid auth^tication data in said digltai data (DATA) on the 
basis of said security data (DATA_CTRL), 

15 10. Microcircult card according to any one of daims 1 to 9, 

charact^ized In that the stream confrol means (26) are further adapted to 
obtain preliminary data directly from the input-output means (14), the stream 
control means (26) also taking account of tiie preliminary data in authorizing or 
refusing the transfer of Hie digital data (DATA) by the transfer means (DMA), 
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1 1 . Microctrcuit card according to claim 10, characterized in that said 
preliminary data includes authentication data (PASSWD). 

13. MicnDcircult card according to claim 11 or claim 12, characterized 
5 in that ^id data includes a storage address for said digital data, 

14. Microcircuit card according to any one of claims 1 to 13, 
characterized in that it further Includes regulation means (PlL) adapted to 
modify a clock frequency applied to the processiing means (12) as a function of 
said security data (DATA_CTRL), 

10 15. Microcifojit card according to any one of claims 1 to 14^ 

characterize in that said transfer means (DMA) include a DMA components 
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1 1 . Microcircuit card according to daim 10, characterized in that said 
preliminary data includes auiftentication data (PASSWD). 

12. Microcircuit card according to claim 10 or claim 1 1 , characterized 
5 in ttiat said data includes a storage address for said digital data. 

13. Microcircuit card accortling to any one of claims 1 to 12, 
characterized in that it further includes regulation means (PLL) adapted to 
modify a clock frequency applied to the processing means (12) as a function of 
said security data (DATA^CTRL). 

10 14h Microcircuit card according to any one of claims 1 to 13, 

characterized In that said transfer means (DMA) include a DMA component 
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